CVE List - 2020 / July
Showing 101 - 200 of 1417 CVEs for July 2020 (Page 2 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-2215 | 2020-07-02 | A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. |
| CVE-2020-2216 | 2020-07-02 | A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username... |
| CVE-2020-2217 | 2020-07-02 | Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS)... |
| CVE-2020-2218 | 2020-07-02 | Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with... |
| CVE-2020-2219 | 2020-07-02 | Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-13653 | 2020-07-02 | An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a... |
| CVE-2020-14092 | 2020-07-02 | The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. |
| CVE-2019-20894 | 2020-07-02 | Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred. |
| CVE-2020-15081 | 2020-07-02 | Information exposure in the upload directory in PrestaShop |
| CVE-2020-15080 | 2020-07-02 | Information disclosure in release archive in PrestaShop |
| CVE-2020-15079 | 2020-07-02 | Improper access control in PrestaShop |
| CVE-2020-11074 | 2020-07-02 | Stored XSS in PrestaShop |
| CVE-2020-15083 | 2020-07-02 | Reflected XSS when uploading an image in the Product page in PrestaShop |
| CVE-2020-15082 | 2020-07-02 | External control of configuration setting in the dashboard in PrestaShop |
| CVE-2020-4061 | 2020-07-02 | Cross-site Scripting in OctoberPotential self-XSS when pasting content from malicious websites |
| CVE-2020-15091 | 2020-07-02 | Denial of Service in TenderMint |
| CVE-2020-4074 | 2020-07-02 | Improper Authentication |
| CVE-2020-8185 | 2020-07-02 | A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. |
| CVE-2020-8163 | 2020-07-02 | The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. |
| CVE-2020-8188 | 2020-07-02 | We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on... |
| CVE-2020-8166 | 2020-07-02 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present... |
| CVE-2020-8179 | 2020-07-02 | Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. |
| CVE-2020-8176 | 2020-07-02 | A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint. |
| CVE-2020-15469 | 2020-07-02 | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. |
| CVE-2019-20418 | 2020-07-03 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint.... |
| CVE-2019-20419 | 2020-07-03 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5,... |
| CVE-2020-14172 | 2020-07-03 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates... |
| CVE-2020-14173 | 2020-07-03 | The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.... |
| CVE-2020-15518 | 2020-07-03 | VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O... |
| CVE-2020-7282 | 2020-07-03 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) |
| CVE-2020-7281 | 2020-07-03 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) |
| CVE-2020-7283 | 2020-07-03 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) |
| CVE-2020-10281 | 2020-07-03 | RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0 |
| CVE-2020-10282 | 2020-07-03 | RVD#3316: No authentication in MAVLink protocol |
| CVE-2020-7284 | 2020-07-03 | Network Security Management (NSM) - Exposure of Sensitive Information |
| CVE-2020-15523 | 2020-07-04 | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded... |
| CVE-2020-15530 | 2020-07-05 | An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during... |
| CVE-2020-15529 | 2020-07-05 | An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because... |
| CVE-2020-15528 | 2020-07-05 | An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing... |
| CVE-2020-15466 | 2020-07-05 | In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. |
| CVE-2020-15540 | 2020-07-05 | We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. |
| CVE-2020-15539 | 2020-07-05 | SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. |
| CVE-2020-15538 | 2020-07-05 | XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. |
| CVE-2020-15537 | 2020-07-05 | An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search... |
| CVE-2020-15536 | 2020-07-05 | An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. |
| CVE-2020-15535 | 2020-07-05 | An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. |
| CVE-2020-15542 | 2020-07-05 | SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. |
| CVE-2020-15543 | 2020-07-05 | SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. |
| CVE-2020-15541 | 2020-07-05 | SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. |
| CVE-2020-15562 | 2020-07-06 | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript... |
| CVE-2020-7691 | 2020-07-06 | Cross-site Scripting (XSS) |
| CVE-2020-7690 | 2020-07-06 | All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method. |
| CVE-2020-15569 | 2020-07-06 | PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. |
| CVE-2020-15570 | 2020-07-06 | The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. |
| CVE-2020-14303 | 2020-07-06 | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet... |
| CVE-2020-9100 | 2020-07-06 | Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this... |
| CVE-2020-1837 | 2020-07-06 | ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a... |
| CVE-2019-8066 | 2020-07-06 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful... |
| CVE-2019-8250 | 2020-07-06 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful... |
| CVE-2019-8251 | 2020-07-06 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful... |
| CVE-2019-8249 | 2020-07-06 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful... |
| CVE-2019-8252 | 2020-07-06 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful... |
| CVE-2020-5352 | 2020-07-06 | Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the... |
| CVE-2020-5356 | 2020-07-06 | Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any... |
| CVE-2020-5368 | 2020-07-06 | Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. |
| CVE-2020-5371 | 2020-07-06 | Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage... |
| CVE-2020-5372 | 2020-07-06 | Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test... |
| CVE-2020-6013 | 2020-07-06 | ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission... |
| CVE-2020-10760 | 2020-07-06 | A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this... |
| CVE-2020-9262 | 2020-07-06 | HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed,... |
| CVE-2020-1838 | 2020-07-06 | HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft... |
| CVE-2020-9261 | 2020-07-06 | HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the... |
| CVE-2020-9226 | 2020-07-06 | HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability... |
| CVE-2020-1836 | 2020-07-06 | HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure,... |
| CVE-2020-1839 | 2020-07-06 | HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process... |
| CVE-2019-14900 | 2020-07-06 | A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when... |
| CVE-2020-9395 | 2020-07-06 | An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via... |
| CVE-2020-4077 | 2020-07-07 | Context isolation bypass via contextBridge in Electron |
| CVE-2020-4076 | 2020-07-07 | Context isolation bypass via leaked cross-context objects in Electron |
| CVE-2020-4075 | 2020-07-07 | Arbitrary file read via window-open IPC in Electron |
| CVE-2020-15096 | 2020-07-07 | Context isolation bypass via Promise in Electron |
| CVE-2020-15507 | 2020-07-07 | An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system... |
| CVE-2020-15506 | 2020-07-07 | An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via... |
| CVE-2020-15505 | 2020-07-07 | A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0;... |
| CVE-2020-5595 | 2020-07-07 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow... |
| CVE-2020-5596 | 2020-07-07 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage... |
| CVE-2020-5597 | 2020-07-07 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer... |
| CVE-2020-5598 | 2020-07-07 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access... |
| CVE-2020-5599 | 2020-07-07 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization... |
| CVE-2020-5600 | 2020-07-07 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management... |
| CVE-2020-15566 | 2020-07-07 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of... |
| CVE-2020-15563 | 2020-07-07 | An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking... |
| CVE-2020-15565 | 2020-07-07 | An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient... |
| CVE-2020-15564 | 2020-07-07 | An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is... |
| CVE-2020-15567 | 2020-07-07 | An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT... |
| CVE-2020-15576 | 2020-07-07 | SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. |
| CVE-2020-15575 | 2020-07-07 | SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. |
| CVE-2020-15574 | 2020-07-07 | SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. |
| CVE-2020-15573 | 2020-07-07 | SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. |
| CVE-2020-15584 | 2020-07-07 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks.... |